(Seattle, Wash.) Trustworthy computing  the idea that products
should be secure out of the box and customers shouldn't have to worry
about applying constant patches and hotfixes  is more than a Microsoft
marketing slogan, according to Steve Lipner. It's a cultural change at
Redmond on a par with the shift of priorities to the Internet last decade.

Lipner, Microsoft's Director of Security Assurance, said during a keynote
speech at the MCP TechMentor Summit on Security that "The key goal of
Trustworthy Computing is to make computing so safe and reliable that people
simply take it for granted, just like other systems you take for granted
today like the telephone system, water supply and electric power grid."

To that end, Lipner commented, Microsoft is "focused not on building
in security features, but on making sure products do what they say they
do, securely."

The catalyst for the initiative was Chairman and Chief Software Architect
Bill Gates' memo last January that shifted the development emphasis from
features to security. In that memo, which has often been compared to Gates'
mid-'90s memo "The Coming Internet Tidal Wave" for the effect it had on
the company, Gates said that features should be sacrificed for security,
instead of the other way around as has been past practice.

"I think you can say this is a clear internal commitment, from developers
and testers to the top executives in the company," Lipner said.

The commitment to securing its products is so serious, Lipner said, that
it involved about 8,500 employees and cost the equivalent "of between
1,400 and 1,500 work years in two months" by those employees to retrain
and go through code. A financial vice-president said recently that the
total cost to the company for the security push was about $100 million,
but Lipner said that estimate "was probably on the low end of what it
cost us."

When it comes to Microsoft's next big product release, .NET Server, Lipner
said it will be a quantum leap in security out of the box. One big change
is a new emphasis on accountability. Lipner said that everyone who contributed
to the .NET Server CD (slated for general release next year) had to reexamine
their code for vulnerabilities. They then had to "sign off" on that code,
proclaiming it secure. "We now have individual accountability specifically
for security for every file in a Windows program. Now, if a vulnerability
is discovered, we have the ability to go back and ask why" it occurred.

Lipner also mentioned Microsoft's "Severity Ratings System," which classifies
vulnerabilities as Critical, Moderate or Low, depending on how much damage
they can potentially do to a system. "We've been using it about eight
months now, and we think it's been useful for customers," he said.

Lipner also urged patience for those who expect the Trustworthy Computing
initiative to immediately solve all security holes in Microsoft's products.
"Achieving this level of trustworthiness won't happen overnight. It will
probably take a decade" to implement all the processes and controls, he
said. But in the end, it will be worth it, Lipner predicted. "Individual
trust is a key factor in realizing that promise, if people are going to
trust the computing business and trust us."

About the Author

Keith Ward is the editor in chief of Virtualization Review. Follow him on Twitter @VirtReviewKeith.